Facebook’s new requirement to have all tabs and apps working over HTTPS got my dev team working frantically on fixing all active apps.

One of the apps I manage is particularly interesting, because assets for the app are hosted on an Akamai server. Here’s how it is set up:

And when I try point Facebook tab to the secure version of the file that lives on Akamai, the page throws the “Access denied” error:

What’s the reason? Well, apparently Facebook iFrame apps/tabs request content via POST (as opposed to GET). On most servers this works fine by default. In a case of Akamai, POST requests have to be enabled or configured manually. Once POST requests are allowed, the page content will load fine.

So, if you are like me and usually access your WordPress admin Dashboard by going to /wp-admin/, then you probably also have troubles with login not working. Mine stopped working with the latest version install (3.2.1).

What happens is /wp-admin/ redirects to wp-login.php with a bunch of parameters, the last one being “reauth=1”. If you look closely, you’ll notice that there’s also a redirect_to parameter, which should look like yoursite.com/wp-admin/. If you have your WordPress installed in a subdirectory, and not in the webroot, this redirect_to parameter might be set incorrectly. Thus – continuous loop from wp-login.php to /wp-admin/, and /wp-admin/ can not be found.

One way to get rid of this is to login from wp-login.php page directly. The other one is to tweak some WP settings. I’ll update the post once I know exactly what needs to be updated and where.

A helpful WP post on how to troubleshoot login issues: http://codex.wordpress.org/Login_Trouble